Release Notes Initial Content (Version 7.1.17)
Thank you for choosing Tanium. This document is intended to document changes between releases of Tanium Initial Content.
Tanium Initial Content 7.1.17
Release Date: Dec 23, 2019
- Initial Content - Cloud: 7.1.17.0005
Release Date: Jan 2, 2020
- Initial Content - Base: 7.1.17.0008
- Initial Content - File System: 7.1.17.0008
- Initial Content - Hardware: 7.1.17.0008
The previous version can be found here: Release Notes Initial Content (Version 7.1.15)
Enhancements:
Tanium Initial Content Base
- The Chassis Type sensor will now return "Virtual" for Cloud machines hosted on Amazon EC2, Microsoft Azure, and Google Cloud.
- The Is Virtual sensor will now return "True" for Cloud machines hosted on Amazon EC2, Microsoft Azure, and Google Cloud. It will also more correctly detect OpenStack, Docker, and Kubernetes platforms. And improved detection of Linux guests on VMWare ESXi hosts.
- Similarly, the VMWare Guest sensor has improved detection of Linux guests on VMWare ESXi hosts.
- The Virtual Platform sensor will now return "Amazon EC2" for Cloud machines hosted on Amazon EC2, "Azure" for Cloud machines hosted on Microsoft Azure, and "Google Compute Engine" for machines hosted on Google Cloud. It will also more correctly detect OpenStack, Docker, and Kubernetes platforms.
- The Tanium Client Installation Date sensor will now no longer return the time value, though will retain the output formatting. Concretely, previously a string such as Wed, 13 Nov 2019 01:02:33 -0480 would now be returned as Wed, 13 Nov 2019 00:00:00 +0000. All supported platforms were updated and provide the same, stackable result.
- The Tanium Client Installation Time sensor was updated so that all supported platforms now provide the same output format.
Tanium Initial Content Hardware
- The Chassis Type sensor will now return "Virtual" for Cloud machines hosted on Amazon EC2, Microsoft Azure, and Google Cloud. This sensor also exists in Initial Content Base.
- The Motherboard Manufacturer sensor will now return "Amazon EC2" for Cloud machines hosted on Amazon EC2, "Microsoft Corporation" for Cloud machines hosted on Microsoft Azure, and "Google" for machines hosted on Google Cloud.
- The Model sensor will now return "Amazon EC2" for Cloud machines hosted on Amazon EC2, "Azure Virtual Machine" for Cloud machines hosted on Microsoft Azure, and "Google Compute Engine" for machines hosted on Google Cloud.
Tanium Initial Content Cloud
- The following IC Cloud sensors are updated:
- Cloud EC2 Instance IAM Role
- Cloud EC2 Instance VPC ID
- Cloud Instance Account
- Cloud Instance ID
- Cloud Instance Image
- Cloud Instance Provider
- Cloud Instance Public IP
- Cloud Instance Public Keys
- Cloud Instance Region
- Cloud Instance Type
- Cloud Instance Zone
So that if there is a valid but blank string result provided by the cloud provider's metadata service, a specific sensor result of '[empty string]' is sent. This helps avoid confusion and the appearance of error when examining results, particularly when joined with other sensors.
Bug Fixes:
Tanium Initial Content File System
- The output type of the File Size sensor is now integer, as the data sent from endpoints has always been the number of bytes, and not the prettier / rounded file size type such as 2 MB. There was no change to the output strings of the sensors, only the sensor's description of the resulting data.
Additional Information
The sensors UDP Connections and TCP Connections in Initial Content - Network will be removed on the next release. Please use IP Connections.
Known Issues and Workarounds
- The Initial Content - Cloud's Python component will fail to install when executing on a 32-bit Windows.
- All Initial Content - Cloud sensors running on OpenStack Nova instances will falsely report Amazon EC2 as the platform. This is because of the default Amazon EC2 metadata service compatibility. This will be disambiguated in an upcoming release.
- The Cloud Instance Tags sensor does not yet support Google Cloud Platform.
- The Cloud Instance Tags sensor requires AWS IAM configured so that instances themselves have an IAM role assigned that has a policy which allows instances to read tags on themselves. A naive policy to be applied to instances might look like this:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeTags",
"ec2:DescribeInstances",
],
"Resource": "*"
}
]
}
IAM Policy creation is beyond the scope of the document, but it is important to expect failure of the Cloud Instance Tags sensor until policy is configured on the account. The sensor 'EC2 Instance IAM Role' may be helpful in determining which EC2 instances can read tags.